Could Ethereum's security be tested as price of ether rockets?

The value of Ethereum's native currency, Ether, has increased dramatically in recent weeks and its market cap has hit $1bn ($1.4bn, €1.2bn). If ether hits $20, $30 or $50 before the migration to proof of stake (PoS), it seems plausible this could invite attempts to test the security of Ethereum.

PoS, for which there is no specification yet, will be based on a system of security deposits held by validators to make it very expensive to attack the network.

Public decentralised networks that use proof of work (PoW) consensus, as Bitcoin and Ethereum currently do, are always susceptible to collusion. Gaming a network in this way is commonly referred to as a "Sybil attack", whereby 51% of the computing power of the network can be used to gain influence over it.

Ethereum uses a custom PoW consensus algorithm called Ethash, which is different from Bitcoin's. Ethash has been summarised as "GPU-friendly, ASIC-resistant": its design goals attempt to limit the marginal advantage of developing specialised hardware for consensus mining (as in Bitcoin), while still allowing lightweight clients to verify the "weight" of candidate chains.

Gustav Simonsson, who oversaw the security audit of Ethereum, told IBTimes: "The main difference with Ethash is that it's optimised for GPUs and designed to be very hard to design an ASIC for. It's not impossible to make an ASIC for Ethash that is better than modern graphic cards, but as Ethash is memory-bandwidth bound the initial R&D, chip design and manufacturing of an ASIC would cost a few million dollars and probably take at least half a year to put together. The idea with Ethash is not to be ASIC resistance forever, but for long enough that a viable PoS algorithm can be developed and hard-forked to."

At the core, Ethash works the same was as Bitcoin's SHA256 hashing. Miners prepare a block-to-mine and then repeatedly calculate a block hash by incrementing a block header nonce, until they find a hash that is below the difficulty target. As previously stated, this provides the same type of security as Bitcoin's PoW in the sense that an attacker would have to acquire a large amount of hashing power to attack the network. For example, analysis around 51% attacks can be applied to Ethereum as well, as it too defines the longest chain to be the one with the most accumulated mining power (highest total difficulty).

Simonsson added: "Ethereum's PoW is, like Bitcoin's, decoupled from price of its native token. It's up to miners to decide if it's worth mining, and what we see now when the price is going up is an influx of new miners as the reward goes up and the cost remains the same – at least until the difficulty rises.

"With PoW there is always the risk for collusion, and despite Ethereum being very friendly for solo mining we recently saw http://dwarfpool.com/ reaching more than 50% of the network hash rate, increasing the risk of centralisation and collusion. Many miners choose to reduce their income and increase centralisation by joining mining pools."

There is another consideration: one of the arguments for the long-term rationality of honest Bitcoin mining is essentially based on the fact that investments in Bitcoin mining equipment cannot be recovered in any other way. If a dishonest miner participates in some attack that lowers the value of Bitcoin, then the miner must not only forego future mining profits, but would also be unable to sell the mining equipment. However, if the dishonest miner were using general purpose equipment such as GPUs, the resale value of these devices would not be as sharply affected by a decrease in Bitcoin value.

Peter Todd, core Bitcoin developer told IBTimes: "It's not at all clear if this is the right design decision, even in the short term. ASIC 'soft' PoW has the advantage that miners are making use of a substantial investment in custom hardware that's useless for other purposes; if they attack the few systems that use the PoW they may end up with that investment being useless for any other purpose.

"On the other hand, if Ethereum used Bitcoin's PoW algorithm, Bitcoin miners could attack Ethereum, and equally if Ethereum became more popular than Bitcoin that could also put Bitcoin at risk.

"Very complex scenarios here - it's no wonder Blockstream has been promoting the idea of sidechains, where multiple PoW users can essentially work together and combine the security of all systems. But sidechains don't let you make money by issuing currencies."

The Ethash system has some other security enhancements built in; it's a faster, more dynamic difficulty adjustment algorithm, as Simonsson explained. "Where Bitcoin adjusts difficulty on average every two weeks, Ethereum adjusts the difficulty target each block, moving it up or down by 1/2048 (~0.04%). This means the network adjusts quickly to miners joining or leaving and finds an equilibrium between block time and difficulty in a few hours," he said.

"Regardless of which consensus algorithm is in place, the Ethereum community is always monitoring the network and prepared to hard fork if anything goes seriously wrong. This goes back to social consensus – what people want from the network. If something where to go wrong that impacts what most want from the network, social consensus would build on fixing it, potentially very quickly by releasing patches to clients that would either hard fork the network or follow one existing fork."